Analysis
- max time kernel: 145s
- max time network: 127s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16-06-2024 08:23
Static task: static1
Behavioral task: behavioral1
- Sample: b28db76843a8fb068456be285d2b1b75_JaffaCakes118.html
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: b28db76843a8fb068456be285d2b1b75_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: b28db76843a8fb068456be285d2b1b75_JaffaCakes118.html
- Size: 158KB
- MD5: b28db76843a8fb068456be285d2b1b75
- SHA1: ef48c2da79d45724d61001eb0f49614c163fad1f
- SHA256: 3820fecec31e7fb64bf134b804779a50ee33c4ba183e370943ff0bbea1ce6a5b
- SHA512: 8745d28aa20823bc0443d77c26b997b8528adb33867e28afff7af297c49134dc2a913ef6d0740760e05b4c3171212c7c4dc4ebb4c08e6872dc0d3a21c71bacad
- SSDEEP: 3072:i/0exK8tk9yfkMY+BES09JXAnyrZalI+YQ:i8exKskIsMYod+X3oI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid | process
  904 | msedge.exe
  904 | msedge.exe
  388 | msedge.exe
  388 | msedge.exe
  4324 | identity_helper.exe
  4324 | identity_helper.exe
  4632 | msedge.exe
  4632 | msedge.exe
  4632 | msedge.exe
  4632 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  Processes: msedge.exe
  pid | process
  388 | msedge.exe (same row repeated 6 times)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  pid | process
  388 | msedge.exe (same row repeated 25 times)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  pid | process
  388 | msedge.exe (same row repeated 24 times)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  description | pid | process | target process
  Distinct rows (each repeated; 64 entries in total, all from PID 388 to its child msedge.exe processes):
  PID 388 wrote to memory of 4640 | 388 | msedge.exe | msedge.exe
  PID 388 wrote to memory of 1372 | 388 | msedge.exe | msedge.exe
  PID 388 wrote to memory of 904 | 388 | msedge.exe | msedge.exe
  PID 388 wrote to memory of 3172 | 388 | msedge.exe | msedge.exe
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 388)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b28db76843a8fb068456be285d2b1b75_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4640, child of 388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6b7d46f8,0x7ffd6b7d4708,0x7ffd6b7d4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1372, child of 388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15804739361483474470,5657685292991909408,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 904, child of 388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,15804739361483474470,5657685292991909408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3172, child of 388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,15804739361483474470,5657685292991909408,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2456 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4636, child of 388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15804739361483474470,5657685292991909408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3672, child of 388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15804739361483474470,5657685292991909408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1488, child of 388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15804739361483474470,5657685292991909408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4324 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4324, child of 388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15804739361483474470,5657685292991909408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4324 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3208, child of 388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15804739361483474470,5657685292991909408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4068, child of 388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15804739361483474470,5657685292991909408,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4972, child of 388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15804739361483474470,5657685292991909408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4328, child of 388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15804739361483474470,5657685292991909408,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4632, child of 388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15804739361483474470,5657685292991909408,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4996 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2360)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3264)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads